- Fix for #1114: Fix that cache fill for forward-host names is

  performed, so that with nonzero target-fetch-policy it fetches
  forwarder addresses and uses them from cache. Also updated that
  delegation point cache fill routines use CDflag for AAAA message
  lookups, so that its negative lookup stops a recursion since the
  cache uses the bit for disambiguation for dns64 but the recursion
  uses CDflag for the AAAA target lookups, so the check correctly
  stops a useless recursion by its cache lookup.

diff --git a/doc/Changelog b/doc/Changelog
index f6f943045bc30db4b2fc26f9ac0c2bfaa66283c6..ec8024cc13f80ffcbc0069387da5169e56562683 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,13 @@
+31 July 2024: Wouter
+       - Fix for #1114: Fix that cache fill for forward-host names is
+         performed, so that with nonzero target-fetch-policy it fetches
+         forwarder addresses and uses them from cache. Also updated that
+         delegation point cache fill routines use CDflag for AAAA message
+         lookups, so that its negative lookup stops a recursion since the
+         cache uses the bit for disambiguation for dns64 but the recursion
+         uses CDflag for the AAAA target lookups, so the check correctly
+         stops a useless recursion by its cache lookup.
+
 30 July 2024: Wouter
        - Fix to document parameters of auth_zone_verify_zonemd_with_key.
 

diff --git a/iterator/iterator.c b/iterator/iterator.c
index cddb02717a0a59a2906b413e190cb4a90af2a572..b348e98677f27363b4db52934ac293139fc90b42 100644 (file)
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -1560,6 +1560,11 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
                        errinf(qstate, "malloc failure for forward zone");
                        return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
                }
+               if(!cache_fill_missing(qstate->env, iq->qchase.qclass,
+                       qstate->region, iq->dp)) {
+                       errinf(qstate, "malloc failure, copy extra info into delegation point");
+                       return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
+               }
                if((qstate->query_flags&BIT_RD)==0) {
                        /* If the server accepts RD=0 queries and forwards
                         * with RD=1, then if the server is listed as an NS

diff --git a/services/cache/dns.c b/services/cache/dns.c
index 60e79a2e7be4165277e6aa63dc4f5d77289f8d97..5e74c31693b3ea8522b0714c88ba3804f5a0e2b2 100644 (file)
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -346,6 +346,13 @@ find_add_addrs(struct module_env* env, uint16_t qclass,
                         * not use dns64 translation */
                        neg = msg_cache_lookup(env, ns->name, ns->namelen,
                                LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
+                       /* Because recursion for lookup uses BIT_CD, check
+                        * for that so it stops the recursion lookup, if a
+                        * negative answer is cached. Because the cache uses
+                        * the CD flag for type AAAA. */
+                       if(!neg)
+                               neg = msg_cache_lookup(env, ns->name, ns->namelen,
+                                       LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0);
                        if(neg) {
                                delegpt_add_neg_msg(dp, neg);
                                lock_rw_unlock(&neg->entry.lock);
@@ -405,6 +412,13 @@ cache_fill_missing(struct module_env* env, uint16_t qclass,
                         * not use dns64 translation */
                        neg = msg_cache_lookup(env, ns->name, ns->namelen,
                                LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
+                       /* Because recursion for lookup uses BIT_CD, check
+                        * for that so it stops the recursion lookup, if a
+                        * negative answer is cached. Because the cache uses
+                        * the CD flag for type AAAA. */
+                       if(!neg)
+                               neg = msg_cache_lookup(env, ns->name, ns->namelen,
+                                       LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0);
                        if(neg) {
                                delegpt_add_neg_msg(dp, neg);
                                lock_rw_unlock(&neg->entry.lock);

diff --git a/testdata/fwd_name_lookup.rpl b/testdata/fwd_name_lookup.rpl
new file mode 100644 (file)
index 0000000..dbcfffb
--- /dev/null
+++ b/testdata/fwd_name_lookup.rpl
@@ -0,0 +1,152 @@
+; config options
+server:
+       # must have target-fetch-policy to fetch forward-host name.
+       target-fetch-policy: "3 2 1 0 0"
+       qname-minimisation: no
+       minimal-responses: no
+
+forward-zone:
+       name: "."
+       forward-addr: 1.2.3.4
+       forward-host: ns.example.com
+CONFIG_END
+
+SCENARIO_BEGIN Test forward with forward-host lookup for more addresses
+
+; Forward server
+RANGE_BEGIN 0 15
+       ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com. IN A 1.2.3.4
+ns.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. host.example.com. 3 3600 300 86400 3600
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; The forward server gives no answers.
+RANGE_BEGIN 20 55
+       ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+www2.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+www3.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; The other forward server.
+RANGE_BEGIN 20 55
+       ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www2.example.com. IN A
+SECTION ANSWER
+www2.example.com. IN A 1.2.3.7
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www3.example.com. IN A
+SECTION ANSWER
+www3.example.com. IN A 1.2.3.8
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; The address 1.2.3.4 is not responding so it has to fail over to the
+; address from the name lookup.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www2.example.com. IN A
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www2.example.com. IN A
+SECTION ANSWER
+www2.example.com. IN A 1.2.3.7
+ENTRY_END
+
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www3.example.com. IN A
+ENTRY_END
+
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www3.example.com. IN A
+SECTION ANSWER
+www3.example.com. IN A 1.2.3.8
+ENTRY_END
+
+SCENARIO_END